Why is CrowdStrike pursuing FedRAMP authorization?
The federal government and its constituents have unique infrastructure requirements and are the target of many advanced security threats. As part of its mission to stop breaches, CrowdStrike® intends to reaffirm its commitment to protecting public sector enterprises and its willingness to go to great lengths to prove its readiness and dedication to serving federal government agencies.
What is FedRAMP?
FedRAMP is a mandatory standardized approach to security risk assessment, authorization and monitoring for cloud products and services. All cloud services providers (CSPs) wishing to store sensitive government agency data must be FedRAMP authorized, ensuring their data is secure in cloud environments.
Why is FedRAMP authorization required?
Cloud computing continues to revolutionize the way businesses and the federal government operate and this includes the need to replace antiquated infrastructure and harness computing power in order to solve complex cybersecurity challenges. Inherently, there are risks with adopting cloud computing and FedRAMP has been established as a mandatory security compliance framework for assessing the risk of cloud computing implementation for federal agencies. FedRAMP applies to all CSPs that plan to do business with the federal government.
What steps is CrowdStrike taking to become FedRAMP authorized?
CrowdStrike is officially “In Process” for FedRAMP authorization, which is the first key milestone in this rigorous certification effort. In order to achieve this, CrowdStrike is being sponsored by a federal agency customer, the Department of Commerce’s International Trade Administration (ITA). Concurrently, CrowdStrike has established an instance in Amazon Web Services (AWS) GovCloud to support these efforts (see more below). To learn more about this process, please visit CrowdStrike’s page in the FedRAMP Marketplace — it will include all updates as they occur. You can also contact CrowdStrike if you are interested in a sponsoring partnership.
Does CrowdStrike have an instance in AWS GovCloud?
Yes, CrowdStrike recognizes the need for demonstrating its dedication to protecting the federal government and its constituents from cyberthreats. CrowdStrike Falcon® is operational within the AWS GovCloud to support the ongoing mission of improving the federal government’s cybersecurity. CrowdStrike is committed to establishing, maintaining and evolving its infrastructure within the AWS GovCloud instance.
I’m not a government agency, why does this announcement matter to me?
The rigorous FedRAMP process lends exceptional credibility to the efficacy of cybersecurity solutions that achieve FedRAMP authorization. Therefore, many state and local government agencies are working toward applying these same standards to securing their controlled, unclassified data. This is also true for federal systems integrators and contractors supporting federal contracts and federal end users. The FedRAMP authorization that CrowdStrike is pursuing is in alignment with the protection of controlled unclassified data as laid out in NIST SP 800-171. As the FedRAMP authorization process continues, meeting these stringent requirements reinforces CrowdStrike’s commitment and ability to serve customers by safeguarding their enterprises with the most effective endpoint protection platform and ultimately stopping breaches.
Has CrowdStrike done business with the federal government before? What about state and local?
Yes, the ITA, as a current Falcon customer, is partnering with CrowdStrike as an agency sponsor for FedRAMP authorization. In addition to U.S. federal agencies, CrowdStrike is committed to helping state and local governments as well as educational institutions protect their enterprises.
In addition to CrowdStrike’s FedRAMP authorization efforts, since 2013, the federal government has trusted CrowdStrike as a leading cyberthreat intelligence provider, helping prioritize and organize their security strategies to better defend against the world’s most advanced adversaries.
The state of Wyoming is one of CrowdStrike’s many state and local customers taking advantage of the Falcon platform’s comprehensive endpoint protection. CrowdStrike Falcon was able to seamlessly scale to the state’s complex environment instantly, empowering the security team to maximize resources and enhance its existing security controls. Learn more in the Wyoming State Case Study.
Where can I learn more about FedRAMP?
The FedRAMP program website provides up-to-date information about the FedRAMP authorization process as well as partners, marketplace, blogs, and authorization resources. You can find more on the website here.